A variety of security techniques are known for protecting information in and controlling the operation of a computing device such as a personal computer (“PC”), a server or a mobile device. For example, physical and/or cryptographic techniques may be employed to control access to the computing device and to data stored in the computing device.
Physical security techniques may include locating the computing device in a secure location, locking the computing device in an enclosure, protecting integrated circuits (i.e., chips) from invasive monitoring by encapsulating the chips in, for example, an epoxy.
Cryptographic techniques may include one or more of encryption, decryption, authentication, signing and verification. In some applications data encryption and decryption techniques may be used to prevent unauthorized applications or persons from accessing data stored in the computing device. For example, security passwords that are used to restrict access a PC may be stored on the PC in an encrypted form. The operating system may then decrypt password when it needs to compare it with a password typed in by a user.
In some applications authentication techniques may be used to verify that a given set of data is authentic. For example, when a server receives a message from a remote client, authentication information associated with the message may used to verify that the message is from a specific source. In this way, the server may ensure that only authorized clients access the applications and data provided by the server.
In practice, there may be circumstances under which the process of sending secret credentials such as a password or cryptographic key may be compromised. For example, when a user uses a computing device to access a secured service, the user may first need to enter the secret credentials into the computing device. The computing device may then forward these credentials to a service provider that then determines whether the user is authorized to use the requested service.
In the event the computing device has been comprised by a hacker or a computer virus, an unauthorized person may gain access to these credentials. As a result, an unauthorized person may be able to access the secured service. Serious consequences may result when the secured service includes sensitive information such as financial data or personal information. Accordingly, a need exists for improved techniques for providing access to secured services.